What is Cedar

Cedar is a policy syntax invented by Amazon and used by their Verified Permissions service. Cedar policies enable developers to implement fine-grained access control and externalize policies. To learn more about why the design of Cedar is intuitive, fast and safe, read this article or watch this video.

Cedar uses the PARC syntax:

  • Principal
  • Action
  • Resource
  • Context

For example, you may have a policy that says Admins can write to the /config folder. The Admin role is the Principal, write is the Action, and the /config folder is the Resource. The Context is used to specify information about the environment, like the time of day or network address.
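The policy described above, written out in Cedar as an added example (not taken from the original page or from the project). The entity types `Role`, `Folder` and `Action` and the context attributes `source_ip` and `hour_utc` are assumptions made for illustration.

```cedar
// Constructed example: entity types and context attribute names are
// assumptions, not part of any real schema.

// Principal: any user in the Admin role
// Action:    write
// Resource:  anything inside the /config folder
// Context:   the request comes from the internal network during working hours
permit (
    principal in Role::"Admin",
    action == Action::"write",
    resource in Folder::"/config"
)
when {
    context.source_ip.isInRange(ip("10.0.0.0/8")) &&
    context.hour_utc >= 8 && context.hour_utc < 18
};

// Cedar denies by default, and a matching forbid overrides any permit.
// This guardrail therefore still blocks writes to /config from outside
// the internal network even if a broader permit is added later.
forbid (
    principal,
    action == Action::"write",
    resource in Folder::"/config"
)
unless {
    context.source_ip.isInRange(ip("10.0.0.0/8"))
};
```

The `permit` covers the scope (Principal, Action, Resource) in its head and the Context in its `when` clause; the `forbid` shows how a Context condition can act as a hard limit independent of who the principal is.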

Cedar, Cedarling, and Lock diagram

Fine-grained access control makes sense in both the frontend and the backend. In the frontend, mastery of authz can help developers build better UX. For example, why display form fields a user is not authorized to see? In the backend, fine-grained policies are necessary for a zero trust architecture.